[Bug tools/33004] Stack Buffer Underflow in eu-unstrip's sections_match Function
mark at klomp dot org
sourceware-bugzilla@sourceware.org
Mon Jun 2 15:02:13 GMT 2025
https://sourceware.org/bugzilla/show_bug.cgi?id=33004
--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
(In reply to Xudong Cao from comment #3)
> Thanks for the quick fix!
> I agree the files are malformed, but any out-of-bounds access caught by ASan
> is still considered a memory-safety defect from the security point of view.
> The early-exit patch solves that, so many thanks.
It isn't a memory-safety issue, but a false positive from ASan since it cannot
be triggered outside of ASan.
Also we don't consider bugs on deliberately malformed files (untrustworthy
inputs) by the standalone tools security issues.
See https://sourceware.org/cgit/elfutils/tree/SECURITY for our security policy.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Elfutils-devel
mailing list